Title: Password security policies
Post by Pete Finnigan on Nov 21st, 2005, 7:28pm
I want to share the following poll with you. At DBA-Village (http://www.dba-village.com/village/dvp_base.main), they asked the following question:
So from the 513 reponses 24% (123) don't have a password policy and, according with the question, they consider security not an issue!
Maybe the question is misleading. Maybe some sites don't have a password policy (Oracle 7 !?) but this doesn't mean they don't find security important.
Anyway, 30% do have a password policy and this I find not very high. Or am I wrong?
We are pressing Oracle all the time to improve their security features but it seems that a great deal of the customers (us) don't care for them. I don't base this opinion just on the DBA-V poll but on what I read daily on comp.database.oracle.server , the OTN security forum and other sites. Security is still an after-thought .
Laws and regulations like SOX will change things but not everywhere. In the USA and some parts of Europa SOX is relevant but not for the rest of the world .
Pete has advocated for an open security standard for Oracle and I think he is right. I don't expect that a security standard will automagically solve all security risks but at least people will have a starting point and will be forced to think about the risks.
Title: Re: Password security policies
Post by Pete Finnigan on Nov 22nd, 2005, 5:07pm
Thanks for posting this. I read DBA-village most weeks from the newsletter that comes out but i did not see this yet. To be honest I am not surprised that the interest in password policies and security of databases in general is not very high. I find this all the time but it is changing, slowly.:-)
Forums like this and OTN are good places to make some noise about Oracle security and also to ask for new features. I was told that people in Oracle read my blog and sometimes take notice. If we keeop asking enough times it will improve )the security that is)
Powered by YaBB 1 Gold - SP 1.4!
Forum software copyright © 2000-2004 Yet another Bulletin Board